Information Technology Analyst

Education:

• Bachelor's degree in Information Security, Information Technology, or a closely related field, or equivalent experience required.
• The following certifications are preferred: Certified Information Systems Security Professional (CISSP), Certified Information Security Manager (CISM), Certified Information Systems Auditor (CISA).

Previous Work Experience:

• Five (5) or more years of advanced information security experience. Employment history should demonstrate increasing levels of responsibility.
•  Strong experience with information security principles and frameworks such as NIST 800 or ISO 27001.
• Strong experience with security technologies and controls (SIEM, firewalls, encryption, access control, IDS/IPS, File Integrity Monitoring, Data Loss Prevention, and other network and system monitoring tools). This position requires strong technical skills and abilities.
• Strong experience with incident response, risk assessment and management, and compliance auditing
• Strong experience in developing and executing security architecture and strategies. This includes strategic, tactical and project level plans.
• Strong knowledge of enterprise risk management.
• Must have the ability to identify and remediate vulnerabilities in the IT environment.
• Must have the ability to write, update and review policies, processes, and procedures.
• Breadth and depth of technical and/or functional expertise in security operations and other related areas within information technology departments such as Infrastructure, Engineering, Networking or Development.

Physical Requirements:

• Must be able to remain in a stationary position 50% of the time or more.
• Must be able to operate a computer 50% of the time or more.

Essential Functions:

• Develop, implement, and manage the organization’s information security program according to established frameworks, including security policies, procedures, and controls. Oversee approval, training and communication of applicable information security policies and practices.
• Develop, implement, and manage the organization’s information security training and awareness program, and ensure the program meets industry standards and compliance requirements.
• Develop, implement, and manage a security operations program and execute initiatives to protect, detect and respond to security threats and incidents. Areas of responsibility include technical assessments, security information event monitoring, endpoint security, web security, vulnerability management, physical security, network & web penetration testing and threat hunting.
• Plan and conduct assessments including but not limited to security engineering, vulnerability management, endpoint protection, web protection, external systems protection, threat hunting and penetration testing.
• Recommend, implement, and maintain tools and security platforms used to perform the security operations program.
• Conduct regular IT risk assessments.
• Provides security communication, awareness, and training for audiences, which may range from junior staff to executive leadership.
• Lead technical security and cyber investigations.
• Plan and execute regular incident response and postmortem exercises.
• Provide regular reporting on the status of the information security program to senior IT management.
• Advanced experience implementing, managing and using Crowdstrike Falcon and Rapid7 platforms preferred, but not required.”
• Perform other IT-related tasks as needed.

Skills and Abilities:        

• Develop and maintain constructive and cooperative working relationships with others.
• Effective leadership – constructively motivate others, resolve conflicts, build trust, foster cooperation, and communicate clearly.
• Excellent negotiating and communication skills; ability to openly acknowledge, listen to, and accept others’ ideas and solutions. Must be able to effectively communicate and train non-technical audiences.
• Ability to prioritize workload and work independently.
• Must be self-motivated and willing to learn.

Leadership Competency Expectations:

• Consistently demonstrate and hold team members accountable to The Roberds’ Way values.
• Coaching and Developing Others — Identifying the developmental needs of others and coaching, mentoring, or otherwise helping others to improve their knowledge or skills.
• Establishing and Maintaining Interpersonal Relationships — Developing constructive and cooperative working relationships with others and maintaining them over time.
• Listening Actively — Giving full attention to what other people are saying, taking time to understand the points being made, asking questions as appropriate, and not interrupting at inappropriate times.
• Resolving Conflicts and Negotiating with Others — Handling complaints, settling disputes, and resolving grievances and conflicts, or otherwise negotiating with others in a respective manner.
• Developing and Building Teams — Encouraging and building mutual trust, respect, and cooperation among team members.
• Leading by Example – Displaying reliability, holding oneself accountable for one’s actions, remaining open to listening to alternative viewpoints, maintaining a growth mindset and behavior.

Demonstrated Competencies:

• Demonstrates advanced knowledge of security technologies and controls.
• Demonstrates solid knowledge of developing and executing security architecture and strategies.
• Demonstrates broad understanding of IT infrastructure.